Linus Torvalds in NSFW Red Hat rant
X.509 dispute turns XXX as Torvalds says Red Hat wants kinky fun with Redmond
Linux overlord Linus Torvalds has again vented his spleen online, taking on Red Hat employee David Howells with a series of expletive-laden posts on the topic of X.509 public key management standard.
The action takes place on the Linux Kernel Mailing List, with Howell posting a request that Torvalds “pull this patchset please”.
Howells wants the code accepted into the kernel so Red Hat can ”embed an X.509 certificate containing the key in a section called '.keylist' in an EFI PE binary and then get the binary signed by Microsoft.” This arrangement, he suggests, is more elegant than the way the Linux kernel signs certificates today.
Torvalds' initial response is “not without a lot more discussion first”, because “quite frankly, this is f*cking moronic. The whole thing seems to be designed around stupid interfaces, for completely moronic reasons. Why should we do this?”
The Reg has quoted Torvalds' posts verbatim: he inserted his own asterisks into the message.
As the conversation unfolds Torvalds points out that the discussion is not a fellatio contest, suggests that “If Red Hat wants to deep-throat Microsoft, that's *your* issue” and lambasting Red Hat for even suggesting key management be done in the kernel.
Torvalds later advances this argument as to why what Red Hat wants is not a good idea:
“Quite frankly, I doubt that anybody will ever care, plus getting me to care about some vendor that ships external binary-only modules is going to be hard as hell.
Plus quite frankly, signing random kernel vendor modules (indirectly) with a MS key is f*cking stupid to begin with.
In other words, I really don't see why we should bend over backwards, when there really is no reason to. It's adding stupid code to the kernel only to encourage stupidities in other people.
Seriously, if somebody wants to make a binary module for Fedora 18 or whatever, they should go to Red Hat and ask whether RH is willing to sign their key. And the whole "no, we only think it makes sense to trust MS keys" argument is so f*cking stupid that if somebody really brings that up, I can only throw my hands up and say "whatever".
In other words, none of this makes me think that we should do stupid things just to perpetuate the stupidity. And I don't believe in the argument to begin with.”
Opinion in the thread seems to favour Torvalds' point of view and discussion has petered out, so it looks like the Lord of Linux has taken this round. Torvalds has form with shouty rants, having in the last year flipped the bird in NVIDIA's direction and told another Red Hatter to be quiet in a very forceful way. He's also 'fessed up to being unable to control some of his shoutier impulses. ®
Sponsored: Becoming a Pragmatic Security Leader